.. -*-restructuredtext-*-
.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg
:alt: CI status image
:target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI
``pwned-passwords-django`` provides helpers for working with the
`Pwned Passwords database from Have I Been Pwned
<https://haveibeenpwned.com/Passwords>`_ in `Django
<https://www.djangoproject.com/>`_ powered sites. Pwned Passwords is
an extremely large database of passwords known to have been
compromised through data breaches, and is useful as a tool for
rejecting common or weak passwords.
There are three main components to this application:
* `A password validator
<https://pwned-passwords-django.readthedocs.io/en/latest/validator.html>`_
which integrates with `Django's password-validation tools
<https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#module-django.contrib.auth.password_validation>`_
and checks the Pwned Passwords database.
* `A Django middleware
<https://pwned-passwords-django.readthedocs.io/en/latest/middleware.html>`_
(supporting both sync and async requests) which automatically checks
certain request payloads against the Pwned Passwords database.
* `An API client
<https://pwned-passwords-django.readthedocs.io/en/latest/api.html>`_
providing direct access (both sync and async) to the Pwned Passwords
database.
All three use a secure, anonymized API which `never transmits any
password or its full hash to any third party
<https://pwned-passwords-django.readthedocs.io/en/latest/faq.html#api-safety>`_.
Usage
-----
The recommended configuration is to enable both the validator and the
automatic password-checking middleware. To do this, make the following
changes to your Django settings.
First, add the validator to your AUTH_PASSWORD_VALIDATORS list:
.. code-block:: python
AUTH_PASSWORD_VALIDATORS = [
# ... other password validators ...
{
"NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
},
]
Then, add the middleware to your MIDDLEWARE list:
.. code-block:: python
MIDDLEWARE = [
# .. other middlewares ...
"pwned_passwords_django.middleware.pwned_passwords_middleware",
]
For more details, consult `the full documentation
<https://pwned-passwords-django.readthedocs.io/>`_.
Raw data
{
"_id": null,
"home_page": "",
"name": "pwned-passwords-django",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "django,security,passwords,auth,authentication",
"author": "",
"author_email": "James Bennett <james@b-list.org>",
"download_url": "https://files.pythonhosted.org/packages/a6/4b/6bc8dafb24154935ddae31225c45fe189cdd03ba7fdeeab21a81c1ad541f/pwned-passwords-django-2.1.tar.gz",
"platform": null,
"description": ".. -*-restructuredtext-*-\n\n.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg\n :alt: CI status image\n :target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI\n\n``pwned-passwords-django`` provides helpers for working with the\n`Pwned Passwords database from Have I Been Pwned\n<https://haveibeenpwned.com/Passwords>`_ in `Django\n<https://www.djangoproject.com/>`_ powered sites. Pwned Passwords is\nan extremely large database of passwords known to have been\ncompromised through data breaches, and is useful as a tool for\nrejecting common or weak passwords.\n\nThere are three main components to this application:\n\n* `A password validator\n <https://pwned-passwords-django.readthedocs.io/en/latest/validator.html>`_\n which integrates with `Django's password-validation tools\n <https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#module-django.contrib.auth.password_validation>`_\n and checks the Pwned Passwords database.\n\n* `A Django middleware\n <https://pwned-passwords-django.readthedocs.io/en/latest/middleware.html>`_\n (supporting both sync and async requests) which automatically checks\n certain request payloads against the Pwned Passwords database.\n\n* `An API client\n <https://pwned-passwords-django.readthedocs.io/en/latest/api.html>`_\n providing direct access (both sync and async) to the Pwned Passwords\n database.\n\nAll three use a secure, anonymized API which `never transmits any\npassword or its full hash to any third party\n<https://pwned-passwords-django.readthedocs.io/en/latest/faq.html#api-safety>`_.\n\n\nUsage\n-----\n\nThe recommended configuration is to enable both the validator and the\nautomatic password-checking middleware. To do this, make the following\nchanges to your Django settings.\n\nFirst, add the validator to your AUTH_PASSWORD_VALIDATORS list:\n\n.. code-block:: python\n\n AUTH_PASSWORD_VALIDATORS = [\n # ... other password validators ...\n {\n \"NAME\": \"pwned_passwords_django.validators.PwnedPasswordsValidator\",\n },\n ]\n\nThen, add the middleware to your MIDDLEWARE list:\n\n.. code-block:: python\n\n MIDDLEWARE = [\n # .. other middlewares ...\n \"pwned_passwords_django.middleware.pwned_passwords_middleware\",\n ]\n\nFor more details, consult `the full documentation\n<https://pwned-passwords-django.readthedocs.io/>`_.\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "A Pwned Passwords implementation for Django sites.",
"version": "2.1",
"project_urls": {
"Documentation": "https://pwned-passwords-django.readthedocs.io/",
"Homepage": "https://github.com/ubernostrum/pwned-passwords-django"
},
"split_keywords": [
"django",
"security",
"passwords",
"auth",
"authentication"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f903756fd56ca70379f43be306bf24f15f3be27179e97ac381bb4c8ee537f29c",
"md5": "84a2dee93afb0341b9da44f5f28f7a75",
"sha256": "09cd29d3699bfea9f4a367e92a9eb106bfc09eefb873e58c15e5f48800992f8e"
},
"downloads": -1,
"filename": "pwned_passwords_django-2.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "84a2dee93afb0341b9da44f5f28f7a75",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 12242,
"upload_time": "2024-02-27T07:47:43",
"upload_time_iso_8601": "2024-02-27T07:47:43.125651Z",
"url": "https://files.pythonhosted.org/packages/f9/03/756fd56ca70379f43be306bf24f15f3be27179e97ac381bb4c8ee537f29c/pwned_passwords_django-2.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a64b6bc8dafb24154935ddae31225c45fe189cdd03ba7fdeeab21a81c1ad541f",
"md5": "ffc0ba720de06a26ab20662855e4a5fc",
"sha256": "9c76a9f47261507dd29da5e4937462bba0dbfa7045ce0d0fcdb51c610dba8ac5"
},
"downloads": -1,
"filename": "pwned-passwords-django-2.1.tar.gz",
"has_sig": false,
"md5_digest": "ffc0ba720de06a26ab20662855e4a5fc",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 36136,
"upload_time": "2024-02-27T07:47:44",
"upload_time_iso_8601": "2024-02-27T07:47:44.980606Z",
"url": "https://files.pythonhosted.org/packages/a6/4b/6bc8dafb24154935ddae31225c45fe189cdd03ba7fdeeab21a81c1ad541f/pwned-passwords-django-2.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-02-27 07:47:44",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ubernostrum",
"github_project": "pwned-passwords-django",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pwned-passwords-django"
}